Markle idea rejected

One idea for improving government information sharing could never see light of day.

In a report in 2006, the Markle Foundation Task Force on National Security in the Information Age recommended an authorized use approach to speed information sharing.

Traditionally, rules for sharing data are set by the agency that collected the information. Under the standard proposed by the task force, users would be granted access to data associated with a specific mission or threat, regardless of the source of that data.

In testimony July 23 before the Senate Homeland Security and Governmental Affairs Committee, Thomas McNamara, program manager of the federal Information-Sharing Environment, said he had determined that an authorized use approach is not feasible without an overhaul of existing federal laws, rules and regulations that deal with privacy and security.

Jeffrey Smith, a partner at the Arnold & Porter law firm who served on the Markle task force, expressed disappointment over the decision. I believe that the adoption of an authorized use standard is still a desirable and necessary goal, Smith said in published remarks.

However, the ruling pleased other expert observers.Authorized use is wildly impractical, said James Jay Carafano, a senior fellow at the Heritage Foundation. Incremental change, rather than wholesale, is the right way to go. They have to build trust and confidence among stakeholders. I am a big fan of what they have done.

John Cohen, a senior advisor to the ISE, said the office is continuing to evaluate authorized use to determine if and when it can be applied.

 Alice Lipowicz

The federal Information Sharing Environment’s program manager has made some strides in improving sharing among federal, state and local agencies, which he outlined at a recent Senate hearing. But the manager rattled some listeners when he mentioned that his time in the position is short as the change in presidential administrations draws nearer.

“I came out of retirement to pour the foundation, not to complete the building,” Thomas McNamara told the Senate Homeland Security and Governmental Affairs Committee on July 23.

His comments drew a worried reaction from Steven Aftergood, director of the project on government secrecy at the Federation of American Scientists. Aftergood said he fears that McNamara’s planned departure could put a brake on the momentum that has built behind the effort.

“It is July, and the inauguration is not until January,” Aftergood said. “There is a danger that talk about [McNamara’s] departure tends to diminish any sense of urgency that people might feel.”

Congress authorized ISE and its program manager under intelligence reform legislation in 2004, putting it under the Office of the Director of National Intelligence. In 2005, President Bush spelled out the ISE’s goals, including setting up standards and a framework for sharing terrorism information across federal agencies, state, local and tribal governments; the private sector; and foreign governments.

Coping with the presidential transition is just one of several areas to which experts want officials to devote greater attention.

Federal agencies are still struggling with conflicting orders on sharing and securing information, and they are trying to reconcile inconsistent information-handling policies, Aftergood said. ISE is making “slow and steady, but mostly ad hoc” progress in streamlining and coordinating those processes, he added.

Three and a half years after Congress authorized the initiative, it has had some success, according to recent evaluations. ISE has gained credibility among some experts by pursuing a modest and incremental approach rather than a radical revision of existing rules.

But the road hasn’t been completely smooth. The Government Accountability Office reported found that despite successes in establishing the ISE, it has been impossible to measure how much information, if any, is being shared as a result. Eileen Larence, GAO’s director of homeland security and justice issues, presented GAO’s findings at the Senate hearing.

In a report released in March, ISE itself judged that the implementation of the Markle Foundation’s recommended authorized use standard for sharing information would not be feasible because it would require an overhaul of existing laws, rules and regulations.

The to-do listISE’s mission also includes standardizing handling of sensitive but unclassified data. And it is to accomplish all of its goals while protecting the privacy of citizens.

McNamara released an annual report to the Senate panel July 23 that described milestones achieved — including the development of an enterprise architecture framework and standards for sharing data — and details on activities planned for the coming months.

Since 2005, GAO has designated ISE as a high-risk area, which means its success will require significant transformation in government operations and also that it is vulnerable to waste, mismanagement, fraud and abuse.

McNamara has outlined several goals for the next few months, including implementation of the White House’s new guidelines on “controlled unclassified” information, replacing the former “sensitive but unclassified” category, and implementation of the standard format for sharing law enforcement information on suspicious activity.

I n July, the House was considering several information-sharing measures, including a bill that would deploy the White House’s new standards to state, local and tribal law enforcement.GAO, in the July report, said ISE’s progress is incomplete. While the ISE implementation plan of November 2006 sets a June 2009 deadline for deployment, the plan does not create appropriate metrics to measure success, GAO said.

For example, the ISE implementation plan outlined 89 action items but did not fully define the milestones, GAO found. It also required additional stakeholder involvement that has proven difficult to obtain.

The full scope of ISE has not been determined to date, nor have benchmarks of progress been set, GAO added. As of March, 33 action items were completed.

“Defining the scope of a program, desired results, milestones and projects are essential in providing a road map to effectively implement a program,” the GAO report states. “Without such a road map, the program manager and stakeholders risk not being able to effectively manage implementation of the ISE.”McNamara, responding to the concerns, said he acknowledged that he has paid relatively little attention to developing measurements.

“We are a little behind, if you will, on the metrics to measure the progress,” McNamara said. “Making progress took precedence over measuring progress.”

Overall, ISE is making strides, but continues to be limited by its lack of authority, including budget authority, over other agencies, and it is dependent on other agencies’ actions for its success, said Jim Dempsey, vice president of public policy at the Center for Democracy and Technology. “It has made incremental progress, and it is not enough,” Dempsey said.

Given the recent concerns of GAO, and with the presidential transition looming, some observers are concerned that ISE could encounter bumps that might threaten its progress. The solution, McNamara said, is to “institutionalize and ‘routine-ize’ the ISE,” which would lead GAO to drop it from the high-risk list.

But ISE advocates will have to convince a new administration of the initiative’s importance. After January, “you’ll have a new group of bureaucrats at the ISE and unless you have continuity to brief the next generation, it could be swept away,” Carafano said. “I would hope that a new administration wouldn’t dismiss it.”

GAO’s focus on metrics at this time may be premature and ill-timed, said Kim Taipale, executive director of the Center for Advanced Studies for Science and Technology Policy research organization. It also may be adding to pressures related to the upcoming expiration in 2010 of congressional authorization for the program manager’s position, he said.

“There seems to be a sentiment that unless the ISE can prove it is improving anti-terrorism, then they might be defunded by 2010,” Taipale said. “The idea is that they have to prove their usefulness to survive the transition. With major technology transitions like this, it is dangerous to force metrics too early in the process, before you know how people’s behavior is going to change.”